Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Original release date: August 14, 2019

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

Windows 7 SP1
Windows Server 2008 R2 SP1
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
Windows 10
Windows Server 2016
Windows Server 2019

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates:

Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
Microsoft Security Vulnerability Information for CVE-2019-1181
Microsoft Security Vulnerability Information for CVE-2019-1182
Microsoft Security Blog Post: Protect Against BlueKeep
Microsoft Customer Guidance for CVE-2019-0708

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin